Introduction to Formal Verification

Model Checking
E. M. Clarke, O. Grumberg, D. A. Peled
Model Checking (overview diagram)
• Temporal Logics
• Models: Kripke Structure
• Model Checking: Graph (SCC), Tableaux, Automata, Symbolic (BDD, Fixpoint), On the Fly, Partial order reduction
Chapter 2: Modeling Systems
• Modeling Concurrent Systems
– Kripke Structure (S,S0,R,L)
– First Order Representation (V,S0,R)
– Granularity of Transitions
• Concurrent Systems
– Digital Circuits (Synchronous/Asynchronous)
– Programs
– Concurrent Programs
Chapter 3: Temporal Logics
• CTL*
– Temporal Operators
– Path Quantifier
– Path and State Formulas
• CTL and LTL
– CTL/ACTL
– LTL
• Fairness
– Fairness Constraints
– Fair Kripke Structure (S,R,L,F)
– Fair Semantics
Chapter 4: Model Checking
• CTL Model Checking (Labeling)
– CheckEU
– CheckEG
– Fairness (CheckFairEG)
• LTL Model Checking by Tableau
– PSPACE/NP-Hard
– Tableau Construction (s,K)
– Check Self-fulfilling SCC
• CTL* Model Checking
– CTL and LTL Subformulas
– Divide and Conquer
Chapter 5: Binary Decision Diagrams
• Representing Boolean Formulas/Functions
– Ordered Binary Decision Trees
– Ordered Binary Decision Diagrams
– OBDD Operations
• Representing Kripke Structure
– Boolean Representation of Variables
– Relation = Characterization Function
– Characterization Function = OBDD
– (S,S0,R,L) = OBDDs
Chapter 6: Symbolic MC
• Fixpoint Representation
– Fixpoint
– Fixpoint Computation
– CTL Formulas
• Symbolic CTL Model Checking
– Quantified Boolean Formulas
– CheckEX/CheckEU/CheckEG
• Fairness
– Fixpoint Representation of Fair EGf
– CheckFairEG/CheckFairEX/CheckFairEU
Chapter 6(2): Symbolic MC
• Counterexamples and Witnesses
• Relational Product Computation
– RelProd
– Partitioned Transition Relations
• Symbolic LTL Model Checking
– Tableaux for LTL Formulas
– Product of Kripke Structures and LTL Tableaux
– Fairness Constraints for Until-Subformulas
– Symbolic Model Checking
Chapter 7: MC for -Calculus
• Propositional -Calculus
– Modified Kripke Structure (S,T,L)
– Relational Variables and Environments
– Alternation Depth
• Evaluating Fixpoint Formulas
– Algorithms
– OBDD Representation
• CTL to -Calculus
• Complexity
9
Chapter 9: MC and Automata
• Automata
– Finite Words
– Infinite Words
• Büchi Automata
– Nondeterministic Büchi Automata
– Generalized Büchi Automata
• Checking Emptiness
– Double DFS
– Correctness
Chapter 9(2): MC and Automata
• LTL to Automata
• On the Fly Model Checking
• Checking Language Containment Symbolically
Chapter 10: Partial Order Reduction
• Concurrency in Asynchronous Systems
– Depth First Search
– ample(s) versus enabled(s)
• Independence and Invisibility
– Independence
– Invisibility
– Invariant under Stuttering
• Partial Order Reduction for LTL-X
– Conditions c0 – c4
Chapter 10(2): Partial Order Reduction
• Calculating Ample Sets
– c0, c2, c1 – Heuristic, c3 – c3’
– Heuristic
– On the Fly Reduction
– Correctness
• Partial Order Reduction in SPIN
– MC in Practice
Chapter 8: MC in Practice
• SMV Model Checker
– Modules
– Synchronous and Interleaved Composition
– Nondeterministic Transitions
– Transition Relations
• Model Checking Example
– IEEE Futurebus+ Standard
Categorization
• Different kinds of models
• Different kinds of temporal logics
• The model checking algorithms (including their optimizations) and analysis of their correctness
• Model checking tools and case studies
Models
• Kripke Structures
• Fair Kripke Structures
• Modified Kripke Structures
• First Order Representation
• Digital Circuits (Synchronous/Asynchronous)
• Programs and Concurrent Programs
• Büchi Automata
• Generalized Büchi Automata
Points of study: the relations between these models, the translations between them, and the distinguishing features of each model.
Temporal Logics
• CTL*
• CTL/ACTL
• LTL
• μ-Calculus
Points of study: the syntax and semantics of each logic, the relations between the logics, and the distinguishing features of each logic.
Model Checking Algorithms (1)
• CTL Model Checking (Labeling)
• LTL Model Checking by Tableau
• CTL* Model Checking
• Symbolic CTL Model Checking
• Symbolic Fair CTL Model Checking
• Symbolic LTL Model Checking
• Model Checking for μ-Calculus
• Checking Emptiness
Points of study: the complexity of each algorithm, the principle it rests on, and its correctness.
Model Checking Algorithms (2)
• Counterexamples and Witnesses
• Relational Product Computation
• LTL to Automata
• CTL to μ-Calculus
• Concurrent Programs to First Order Representation
Model Checking Algorithms (3)
• On the Fly Model Checking
• Partial Order Reduction
• Heuristics for Ample Sets
• Checking Language Containment Symbolically
Data Structures for Model Checking Algorithms
• OBDD
– Representation
– Reduction and computation methods
Model Checking Tools
• SMV – IEEE Futurebus+ Standard
• SPIN – Leader Election
Overall Course Objectives
• Master the fundamental theory of model checking
– Different kinds of models
– Different kinds of temporal logics
– The model checking algorithms and analysis of their correctness
• Acquire the ability to research and apply model checking methods
– Read the literature of this field with reasonable speed
– Design model checking algorithms for specific problems
– Apply model checking methods and tools to verify specific problems